An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Git | Git-scm | 2.14.0 (including) | 2.14.6 (excluding) |
| Git | Git-scm | 2.15.0 (including) | 2.15.4 (excluding) |
| Git | Git-scm | 2.16.0 (including) | 2.16.6 (excluding) |
| Git | Git-scm | 2.17.0 (including) | 2.17.3 (excluding) |
| Git | Git-scm | 2.18.0 (including) | 2.18.2 (excluding) |
| Git | Git-scm | 2.19.0 (including) | 2.19.3 (excluding) |
| Git | Git-scm | 2.20.0 (including) | 2.20.2 (excluding) |
| Git | Git-scm | 2.22.0 (including) | 2.22.2 (excluding) |
| Git | Git-scm | 2.21.0 (including) | 2.21.0 (including) |
| Git | Git-scm | 2.23.0 (including) | 2.23.0 (including) |
| Git | Git-scm | 2.24.0 (including) | 2.24.0 (including) |
| Red Hat Enterprise Linux 7 | RedHat | git-0:1.8.3.1-21.el7_7 | * |
| Red Hat Enterprise Linux 8 | RedHat | git-0:2.18.2-1.el8_1 | * |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | RedHat | git-0:2.18.2-1.el8_0 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-git218-git-0:2.18.2-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | rh-git218-git-0:2.18.2-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-git218-git-0:2.18.2-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-git218-git-0:2.18.2-1.el7 | * |
| Git | Ubuntu | bionic | * |
| Git | Ubuntu | devel | * |
| Git | Ubuntu | disco | * |
| Git | Ubuntu | eoan | * |
| Git | Ubuntu | trusty | * |
| Git | Ubuntu | upstream | * |
| Git | Ubuntu | xenial | * |